CVE-2025-41407 – Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

May 23, 2025

CVE ID : CVE-2025-41407

Published : May 23, 2025, 11:15 a.m. | 19 minutes ago

Description : Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5105 – “Tozed ZLT W51 Heap Memory Corruption”

Next Article CVE-2025-3893 – MegaBIP SQL Injection

Highlights

CVE-2025-34070 – GFI Kerio Control GFIAgent Authentication Bypass

July 2, 2025

CVE ID : CVE-2025-34070

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-41407 – Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

CVE-2025-27454 – Adobe ColdFusion CSRF

CVE-2025-6132 – “Chanjet CRM SQL Injection Vulnerability”

CVE-2025-20307 – Cisco BroadWorks Application Delivery Platform Cross-Site Scripting (XSS) Vulnerability

CVE-2025-34070 – GFI Kerio Control GFIAgent Authentication Bypass

CVE-2025-3803 – Tenda W12 and i24 Stack-Based Buffer Overflow Vulnerability

CVE-2022-44454 – Apache HTTP Server Cross-Site Request Forgery

CVE-2025-3497 – Radiflow iSAP Smart Collector EOL Vulnerability

CVE-2025-41407 – Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Related Posts